03-08-2010 08:17 AM
Currently all our internal addresses translate to a single external ip addr. We want to break this up for certain segments to have different public addresses. When I test this for myself, I cannot reach the websites. This includes, verisign, secureworks, Ironport support portal. Bank is OK. When I remove the dynamic nat off the ASA, all is fine again. Web traffic, because it comes from non spoofed proxy address, should not have changed. The access logs don't show the site is ever accessed. I don't know for certain this is Ironport related but I do have HTTPS proxy enabled. 6.3.3. Let me know if anyone has seen similar. Thanks much. jc
03-08-2010 08:20 AM
Clarification, I cannot reach websites where I have a user certificate installed for access, expect Ironport support site.
03-08-2010 08:26 AM
We use WCCP at core switch to route users to S360. HTTP and HTTPS in acl.
03-10-2010 01:21 PM
This question was answer in customer support, further troubleshooting might be needed on the network/fw side.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide